Security researchers warn Apple that “AirTag” could be used for “Good Samaritan attacks”

The loss prevention tag “AirTag,” announced by Apple in April, could be used for phishing scams, “Krebs on Security,” run by security journalist Brian Krebs, warned on September 28 (local time).


When an AirTag is set to “lost mode”, a unique URL at https://found.apple.com is generated, where the owner of the AirTag can enter a contact phone number or email address.

Krebs warns that this feature could be used to redirect a “Good Samaritan” to iCloud phishing pages or other malicious websites. (A good Samaritan is the Samaritan who helped a lost traveler in the Gospel of Luke 10:25-37.)

For example, when a person who finds an AirTag attached to a lost item scans it, they are automatically taken to the URL.

However, because lost mode accepts arbitrary code in place of a phone number or email address, the person who scans the AirTag may be redirected to a fake iCloud login page or another malicious site.

Something other than a phone number or email address can be entered on found.apple.com

Security consultant Bobby Rauch explained the issue to Krebs on Security. Rauch reported the issue to Apple on June 20, but Apple hasn’t addressed it yet. He told Krebs on Security that he had given Apple 90 days before making the issue public.

“I can’t remember other cases where these low-cost small tracking devices could be weaponized” (Rauch)

The price of one AirTag is $29 (3800 yen in Japan).

Krebs described a scenario that actually happened in the past, in which inexpensive USB drives were abused. An attacker drops a malware-laden USB drive in the parking lot of a company he wants to hack; employees think it is a lost item and connect it to an office PC, which lets the attacker break into the network. This actually happened in 2008 in a parking lot at a US Department of Defense facility.

Rauch said the issue may not be the most important issue for Apple, but it should be easy to fix. Apple hasn’t responded to Krebs on Security’s request for comment.
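
A fix for a contact field that accepts arbitrary code typically combines server-side allow-list validation with output encoding when the value is displayed. The following is an added example, not Apple's code and not part of the original article; the function names, length limits and patterns are assumptions.

```javascript
// Added example: allow-list validation for a lost-mode contact field.
// Names and rules are assumptions, not Apple's implementation.
const MAX_LEN = 254; // upper bound on accepted input length

// Digits, optional leading "+", common separators; 7-15 digits overall.
function normalizePhone(input) {
  if (!/^\+?[0-9 ().-]+$/.test(input)) return null;
  const digits = input.replace(/[^0-9]/g, '');
  if (digits.length < 7 || digits.length > 15) return null;
  return (input.startsWith('+') ? '+' : '') + digits;
}

// Deliberately strict email shape: no whitespace, quotes or angle brackets.
function normalizeEmail(input) {
  const re = /^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;
  return re.test(input) ? input.toLowerCase() : null;
}

// Returns {kind, value} for acceptable input, or null to reject the submission.
function validateContact(raw) {
  if (typeof raw !== 'string') return null;
  const input = raw.trim();
  if (input.length === 0 || input.length > MAX_LEN) return null;
  const phone = normalizePhone(input);
  if (phone) return { kind: 'phone', value: phone };
  const email = normalizeEmail(input);
  if (email) return { kind: 'email', value: email };
  return null;
}

// Second layer: encode on output so stored text can never become markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Renders the found-item page fragment; invalid input is never echoed back.
function renderContact(raw) {
  const c = validateContact(raw);
  if (!c) return '<p>No contact information available.</p>';
  return `<p>Contact the owner: ${escapeHtml(c.value)}</p>`;
}

// Constructed sample inputs (not taken from the article).
const samples = ['+1 (555) 010-0199', 'Owner@Example.com', '<b>call me</b>', '555'];
for (const s of samples) console.log(JSON.stringify(s), '->', validateContact(s));
```

Validation rejects the input at submission time, while the encoding step protects the page even if a value that predates the validation rule is already stored.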

Copyright © ITmedia, Inc. All Rights Reserved.
